Github user vanzin commented on the issue: https://github.com/apache/spark/pull/14694 > Spark thrift server needs to access hive metastore principal That's not true. It needs access to the credentials of a user that can talk to the metastore. That can be any user credential, it doesn't need to be a service credential. > Besides that I think there's another possibility that user might develop a custom service based on spark, in this case they also need service principal. That would only make any difference if the thrift server were doing authentication, which it's not. It's not about being safe or not, it's about encouraging the use of Kerberos in the right way. We've already -1'ed similar patches in the past for the same reason.
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org